New Feature Request Latest Topicshttp://forum.spamcop.net/forum/10-new-feature-request/New Feature Request Latest Topicsenan email address listed in the contenthttp://forum.spamcop.net/topic/25278-an-email-address-listed-in-the-content/
I wish to see, (When and if, an email address is listed in the content, of a conman email.), reporting being sent to the ISP that allowed it to receive notice too.

Just today: I received a conman email that had a Gmail address inside of the print of the letter, and did the report say one word to Gmail; NO!

That is my suggestion.

]]>25278Fri, 18 May 2018 17:31:53 +0000tinyurl parsinghttp://forum.spamcop.net/topic/17706-tinyurl-parsing/
I've been reporting a lot of spam lately that uses sites like bit.ly and tinyurl.com to obfuscate links.

I think it would be a good idea for spamcop to keep a list of such "url shortening services" and (automatically or on request by the reporter) dereference them into the links they point to.

]]>17706Thu, 20 Jul 2017 12:10:57 +0000spam tailored for circumventing SpamCophttp://forum.spamcop.net/topic/24942-spam-tailored-for-circumventing-spamcop/
I've been getting more spam that is tailored to circumvent SpamCop. The latest one has two 'exploits' ... one is a limitation of SC (that shouldn't exist); the other is a new 'bug'.

Three key areas that impede SC reporting:

Bug: eMail subject line that causes the email body to not be processed.
How / do you want me to report this? (As it has header info; I don't want to post it in a public forum)

It's been raised before, and I'll raise it again: The hard limitation of links needs to be re-though and re-designed.

Remove duplicates; as duplicate email's checked and are not set; not counting duplicates would be a big first step.

Remove known URL's that a) don't accept reports or b) known "red herring" URL's (microsoft.com as an example)

If max is still exceed .. report only the first "n" - or - allow me to choose which "n" should be reported; with them all disabled

Rethink the max char limited. Another circumvention technique is to add a substantial amount of html / formatting / white space at the top of the body. When SC truncates (at max chars); the URL's are below that line; and they don't get reported.

I realize that a great deal of this is "the way it's always been". The spammers are getting around that; and SC needs to be updated to handle the new tactics.

]]>24942Mon, 30 Apr 2018 20:00:30 +0000can not see the actual conman emailhttp://forum.spamcop.net/topic/24866-can-not-see-the-actual-conman-email/
When you open your report page, there is very little hint as to what or which email this report page is about.

I may have turned in ten today.

It is very often not at all clear, what in the world that email we are talking about said.

I suggest a view page.

I want a link that will allow me to view the actual email; Without the header.

]]>24866Wed, 25 Apr 2018 19:15:56 +0000"content omitted to avoid loading tracker images"http://forum.spamcop.net/topic/24023-content-omitted-to-avoid-loading-tracker-images/
Why does the content need to be omitted in source view? It's just displaying the raw source; it shouldn't be parsing the code in any case. The content being omitted makes it really difficult to determine which addresses to report to in many cases. For instance, SpamCop will often suggest reportphishing@apple.com as a report-to address, but the emails in question are usually not phishing attempts (at least for my AppleID), so I don't want to misreport. But that's impossible to tell when I can't see the actual content of the message.
]]>24023Thu, 08 Mar 2018 15:25:34 +0000Allow Acrobat to create PDF's from each page in Report Historyhttp://forum.spamcop.net/topic/17535-allow-acrobat-to-create-pdfs-from-each-page-in-report-history/
I would like to create a PDF from the "Report History" for the Last 90 Days and the website does not allow it,

]]>17535Fri, 07 Jul 2017 17:38:22 +0000A page showing devnulled domainshttp://forum.spamcop.net/topic/14933-a-page-showing-devnulled-domains/I'd like to request a page on the Spamcop web site that lists domains that are not receiving reports. This would be by domain, not IP address, if possible.

I understand that there are legitimate reasons for reports to be devnulled, and the web page could omit those. The main ones I'm interested in are where the domain operator has requested that they no longer receive reports (but not for legitimate reasons, such as that they are receiving reports via another channel), or where reports are always bounced.

Ideally the list would be sorted by the number of reports, with the biggest offender at the top. Being able to select a date range (month, year) would also be useful.

This page would be useful when researching providers: if someone recommends a hosting provider, and I go to this page and see that they are unresponsive to spam complaints, I will avoid using that provider.

]]>14933Wed, 06 May 2015 15:20:20 +0000http://forum.spamcop.net/topic/17071-resolvednbspbulk-reporting/
is there a Bulk spam Reporting facility on SpamCop? . . .Individually processing 200-300 SpamCop items per day is becoming laborious and kinda frustrating - Thanks for any help that may be forthcoming.
]]>17071Sun, 02 Apr 2017 01:15:57 +0000spamcop.net not available via IPv6http://forum.spamcop.net/topic/17010-spamcopnet-not-available-via-ipv6/
Hello,

]]>17010Mon, 23 Jan 2017 06:29:23 +0000HTTPs for SpamCop sign inhttp://forum.spamcop.net/topic/13607-https-for-spamcop-sign-in/Currently the http://www.spamcop.net/ site does not use https. This means that if you login to SpamCop from the login form (http://www.spamcop.net/mcgi?action=loginform), the no-cookie alternate login (e.g.http://mailsc.spamcop.net/) or using the login button on any page, your userid and password are passed in the clear.

This in itself is a security exposure, but it is much worse if you have an email account, because then your SpamCop.net login is your email account userid and password. So even if you are careful to always change the webmail login to https, and to use SSL from other mail clients, you're still giving up the email credentials anytime you login to the SpamCop site (such as for reporting via the Held Mail interface).

Note that the site also needs to use HTTPS when it passes the cookies, or some other means of spoiling session cookie replay attacks.

I tried changing to https://www.spamcop.net. It does present a certificate but it is invalid, and if you accept it it then says the service is down.

This needs to be fixed!

]]>13607Sat, 19 Oct 2013 17:10:28 +0000Reporting is too darn slow (rant)http://forum.spamcop.net/topic/16618-reporting-is-too-darn-slow-rant/I've been a paid spamcop user on and off for awhile. Recently I've been spending too darn much time reporting spam, much reported as being associated with myvirpus.com , and want the SpamCop reporting system improved please.

Roughly 4 times a day, I notice 10 spams in my Outlook junk folder. I scan them to make sure they are really spam, select all, and click SpamGrabber to report them. A few minutes later I get ten emails from SpamCop notifying me they have been received and processed. These emails are unnecessary. Then I visit the spamcop website and the time consuming process begins.

This repeats 4 times each day and 365 days each year, cumulatively taking hours and days out of my life.

My suggestions are as follows:* Since I've already verified that 10 spams are to be reported, allow me to click only once per visit on a button to "Report all 10 spams"* If the above proposal is not possible, at least cut my reporting time in half by requiring only one click and browser refresh per spam instead of two clicks per spam.* Allow me to turn off the report acknowledgement emails I am receiving, or even make no emails the default, I don't need them and for my use they waste time and resources.

It seems the SpamCop AutoResponder uses the (according to wikipedia) deprecated e-mail authentication system DK, could this please be upgraded to DKIM?

Thanks!

]]>16708Thu, 19 May 2016 18:25:26 +0000Add Executive Form that includes Spammer's Links fieldshttp://forum.spamcop.net/topic/16635-add-executive-form-that-includes-spammers-links-fields/Two or three fields should be added to the form that would include the "Spamvertised" site links.

Since Spamcop form is broken and no longer 'finds' links in the spam, the reporting is sort of useless. The sender of the email is not helping curb the spam. Follow the money trail to the actual cyber criminals involved.

Serious spam reporters can follow redirects and get the actual sites responsible for the spam. THOSE are the links / URLs / hosts that need to go into the black hole.

To avoid abuse of those fields, perhaps a second level of reporting volunteers who will utilize the "executive" form correctly.

I know you're very paranoid about false positives, but in that effort, you're missing the real culprits.

]]>16635Sat, 02 Apr 2016 14:03:08 +0000Check url redirectshttp://forum.spamcop.net/topic/16538-check-url-redirects/I've seen an increase in the use of URL redirects.

Most of the spam I'm receiving these days starts with a link from an URL shortener like owl.ly which redirects to a server that redirects to a second server and in some cases there's even a third server involved.

I found this using tools like ur query.net or webtoolhub.com

It would be great that spamcop incorporated similar technology to report all urls involved and not just the URL shorteners (which, as you say "twitterdoesntcareaboutspamreports"

]]>16538Fri, 12 Feb 2016 15:23:57 +0000Can SpamCop partner with Google?http://forum.spamcop.net/topic/16522-can-spamcop-partner-with-google/SpamCop has many "partnerships" with ISPs to help isolate spam. For example;

fbl-spamcop[at]ext.godaddy.comspamcop[at]mailservices.yahoo.com

I receive spam wherein a "x[at]gmail.com" is a credible address (to me). I know most are not. An example from a 419 or phish spam.

Reply-To: <revjonacooper2007[at]gmail.com> and in the body in some cases.

]]>16522Sun, 07 Feb 2016 01:31:08 +0000method to anonymously reply to 'rebuttals' to reportshttp://forum.spamcop.net/topic/14946-method-to-anonymously-reply-to-rebuttals-to-reports/I have, on occasion gotten rebuttals or responses to my reports. Typically it's something along the lines of "sorry for the inconvenience we've solved the problem" or that they had a virus infected system. I appreciate the response from an admin when that happens and I usually will reply. But that also, by way of mail client, gives them my actual email address which is usually not a problem.

However today I got a response from a spammer that is essentially trying to bully someone who may be uncertain or and trying to cover their tracks and keep themselves from getting blacklisted.

Either way, when he replies, it goes to an obfusicated email, but if I reply it will go back to him directly. If I reply to the SC address it just comes to me. Craigslist does have this kind of option that it essentially relays back and forth using the same random address for the interested parties. Either that or some way to make notes of things like this against the original complaint... something for others to be aware of. I'm just concerned this may turn into a normal thing and reduce SC's relevance.

Below is a portion of the message source with specific information removed (but I left the spammers info in... screw him LOL) and the relevant text highlighted for readability. Of course I've never bought from them, nor would I. It's a clear attempt to make someone insecure about using SC and intimidation.

<html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> </head><body><p>Hello SpamCop user,</p><p>[ Messages are not spam. All messages are sent to previous customers who have accepted and ticked a checkbox to receive newsletters during the purchase process. Should you wish to not receive mail, the unsubscribe option is always available. However, reporting the message as spam when it is not can be construed as malicious can require liability. ]</p><p>--<br>Please use the link below to review the report in question:<br>https://www.spamcop.net/mcgi?action=showhistory;slice=reportid;val=XXXXXX</p></body></html>

]]>14946Wed, 13 May 2015 17:11:45 +0000Show the date that cached whois was last refreshedhttp://forum.spamcop.net/topic/14911-show-the-date-that-cached-whois-was-last-refreshed/I suggest that when whois information is cached, it gives a timestamp of the date it was updated. This will help in my decision wether to waste time refreshing it or not.

Even better would be to have it automatically refresh if the date it was last refreshed was too long ago.

You will see that http://www.PCSmartHosting.com/ tells Spamcop it will resolve the issue after the 28th . . . but as you can see by my time stamp, it's the 29th.

We've seen this tactic used hundreds of times. This particular wave has been going on since September, and they spamvertise about six different sites -- illegal drugs -- and after reporting a bunch, I'll get this notice -- and Spamcop doesn't report.

They keep spamming and in a couple of days, Spamcop is once again accepting the reports.

Even if the ISP claims they'll stop the spam, Spamcop should continue the reports.

This spam cartel uses WhoIS masking, and all the techniques that mark those spammers who intend to continue and ignore Spamcop.

I recently starting submitting a lot more spam via email and then processing it via the website and wondered why the process isn't streamlined.

For example, after I receive the confirmation that SpamCop has received my emails for processing, I go to the website and login, then click the Report Now link. That gives me a spam to look over and report, which I do, using the Send spam Report(s) Now button.

At that point, since I have other messages waiting to process, I'd expect the site to just process another spam and present me with the details page and another Send spam Report(s) Now button. But instead I'm back to the original start page, having to click the Report Now link yet again. It's a wasted page-load for the server, a wasted wait and click for the user, and wasted time all around; while it isn't much, when you do it daily for 15-30 spam messages, it really gets old.

Could the processing be changed to automatically load the next spam for processing, if there's one waiting?

Thanks,

John

]]>14474Mon, 20 Oct 2014 16:12:24 +0000Spammers have their own ISPhttp://forum.spamcop.net/topic/12258-spammers-have-their-own-isp/Hi,

I'm noticing more and more spammers are getting their own ISP. So, when we report spam, they directly receive the spam complain, and it just confirm that the email address works, and the spam never stops.

You visit the ISP web site, it seems legit, but there is no real contact information or physical address.

They also sometime uses Gmail as the abuse address, which doesn't seems normal for a true ISP...

So, my suggestion would be:

As well as reporting to the sender ISP, optionally report to the sender ISP ISP. So, the provider of the ISP will also get noticed of those spams.

I've done this once or twice in the last year, and the spam ceased immediately. I think the spammers had a hard time getting back from this major shutdown.

Sure, the function might be available to advanced users, but this would help a lot...

I don't know how spammers do it, but apparently it is possible for e-mail to be stuck in the SMTP-routes of Yahoo. They seriously need to start streamlining the process at Yahoo. My guess is, that spammers can trigger the holding of mail somehow, by sending large volume of mail or using a bug somewhere in Yahoo's system.

Anyway, to keep the crap out of circulation my suggested change is to start evaluating dates on my server instead of a trusted server. When it comes to Yahoo, I absolutely don't trust them.

Regards,

Jari Turkia

]]>14312Wed, 27 Aug 2014 07:05:20 +0000Feature request: Order 'Report now' optimally: nearest to overdue firsthttp://forum.spamcop.net/topic/12029-feature-request-order-report-now-optimally-nearest-to-overdue-first/When you have multiple spam reports in the system, some may already be overdue (past the 48 hours limit) but some may have a few minutes or a few hours of validity left.

Currently, the Pending reports seem to be presented in order of submission to Spamcop.

I would like to suggest a Preferences option that allowed these Pending reports to be presented in the most effective order:

1) Reports with least time left first

2) Reports that are overdue

This would allow the maximum number of good reports to be made. As soon as you hit an 'overdue' report, you could delete the rest.

]]>12029Thu, 20 Oct 2011 15:12:55 +0000Link Obfuscation - Too Many Linkshttp://forum.spamcop.net/topic/13194-link-obfuscation-too-many-links/Lately I've seen quite a number of spam messages that generate the "Too many links" error when attempting to report. However, they are actually all the same link with different machine names. These are all going to the same domain, and the spammers are certainly just logging (or ignoring) that portion of the URL. For example:

All of the above are going to norinque.info. The machine names (quaveringly, abrasive, manley, etc.) are purposely confusing the reporting software into thinking they are different. While of course it's still possible to manually report that domain, as this practice by the spammers becomes more prevalent, it would make sense to make Spamcop aware of that and not be fooled by it.

]]>13194Sun, 17 Mar 2013 19:32:44 +0000In Light Of The Webmail System Removal....http://forum.spamcop.net/topic/14276-in-light-of-the-webmail-system-removal/Cautiously I'm fine with the change of removing the webmail system. My problem with the proposal is that the reporting is WAY better in the webmail system and viewing the "held email" is also much better in the webmail system. Can this be improved upon on the main spamcop page? Maybe make the viewing and reporting of held email a little less clunky?]]>14276Sun, 10 Aug 2014 16:17:01 +00002 days limithttp://forum.spamcop.net/topic/12343-2-days-limit/tried to report a spam when it was Mon, 23 Apr 2012 09:25 +0100 but got the following message:

Sorry, this email is too old to file a spam report. You must report spam within 2 days of receipt. This mail was received on Sat, 21 Apr 2012 09:14:21 +0100

I guess ideally it should allow from Friday close of business, i.e. 5pm when reporting on Monday morning?